Failed to create roles for new tenants

Bug #1707599 reported by Pengfei Ni
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
stackube
Fix Released
Critical
Pengfei Ni

Bug Description

While creating new tenants, stackube-controller failed to create the roles:

rbac_controller.go:191] Failed create default-role in namespace john for tenant john: User "system:serviceaccount:kube-system:stackube-controller" cannot create roles.rbac.authorization.k8s.io in the namespace "john". (post roles.rbac.authorization.k8s.io)

And while deleting tenants, stackube-controller failed to remove roles and clusterrolebindings:

E0731 05:58:56.862860 15 tenant_controller.go:131] Failed delete ClusterRoleBinding for tenant john: User "system:serviceaccount:kube-system:stackube-controller" cannot delete clusterrolebindings.rbac.authorization.k8s.io at the cluster scope. (delete clusterrolebindings.rbac.authorization.k8s.io john-namespace-creater)

Pengfei Ni (feiskyer)
Changed in stackube:
status: New → Confirmed
importance: Undecided → Critical
milestone: none → pike-3
milestone: pike-3 → pike-rc1
assignee: nobody → Pengfei Ni (feiskyer)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stackube (master)

Fix proposed to branch: master
Review: https://review.openstack.org/489148

Changed in stackube:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stackube (master)

Reviewed: https://review.openstack.org/489148
Committed: https://git.openstack.org/cgit/openstack/stackube/commit/?id=82b659963e472aae4a33c010b9773cdb7d2080de
Submitter: Jenkins
Branch: master

commit 82b659963e472aae4a33c010b9773cdb7d2080de
Author: Pengfei Ni <email address hidden>
Date: Mon Jul 31 17:23:08 2017 +0800

    Add requires apis to rbac cluster roles

    stackube-controller needs to create/delete roles and rolebindings.
    It also has to visit all apis in order to create tenant's own role.

    Change-Id: I48e8f0aaec00241d30dba818bcc19a3349237a16
    Closes-Bug: 1707599
    Signed-off-by: Pengfei Ni <email address hidden>

Changed in stackube:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers